<?php
include_once("inc.admin.php");
$this_title="$vars[admin_title] - Manage Admin";

if(!$pv["task"]["Manage Admin"]){
 print format_admin_page(format_err("You do not have the privilege to Manage Admin.<br />\n"), $this_title);
 exit;
}

$r_table_list=get_db_table();
if($_POST["do_admin"]){
 if($_POST["do_admin"]=="update"){
  //check admin existence
  $r_admin=@mysql_fetch_assoc(mysql_query("select * from $db->admin where id='$post_d[id]'"));
  if(!$r_admin){
   $errmsg.=__("The admin with ID: '$post_s[id]' does not exist!")."<br />\n";
  }else{
   //table privilege
   foreach($_POST as $request => $value){
    if(substr($request, 0, 3)=="dt_"){
     $pv_table_p=substr($request, 3);
     $r_pv_table_p=explode("+", $pv_table_p);
     $r_update_pv_table[$r_pv_table_p[0]][$r_pv_table_p[1]]=$value;
    }
   }
   for($i=0;$i<count($r_table_list);$i++){
    $pv_point=$manage_admin_p=$sql_p=$manage_cat_p=$manage_prod_p=0;
    if($r_update_pv_table[$r_table_list[$i]]["view"]){
     $pv_point+=1;
    }
    if($r_update_pv_table[$r_table_list[$i]]["add"]){
     $pv_point+=2;
    }                                             
    if($r_update_pv_table[$r_table_list[$i]]["edit"]){
     $pv_point+=4;
    }
    if($r_update_pv_table[$r_table_list[$i]]["delete"]){
     $pv_point+=8;
    }
    if(strlen($pv_point)==1){
     $pv_point="0$pv_point";
    }
    $db_pv_point.="$pv_point";
   }

   //task privilege
   $task_pv_all=task_pv();
   for($j=0,$t=count($task_pv_all);$j<$t;$j++){
    $apv_t[$j]=$task_pv_all[$j][0];
   }
   foreach($_POST as $apv_p => $value_p){//for each privilege
    if(substr($apv_p, 0, strlen("apved_"))=="apved_"){
     $r_apv_t[substr($apv_p, strlen("apved_"))]=$value_p;
    }
   }
   for($i=0;$i<count($apv_t);$i++){
    if($r_apv_t[$i]){
     $apv_t2="1";
    }else{
     $apv_t2="0";
    }
    $task_pv_point.=$apv_t2;
   }
   //end task privilege

   //email privilege
   $aepv_field=explode(",", $post_s["aae_repv"]);
   foreach($aepv_field as $field){
    if($r_admin["master"]=='y'){
     $email_pv_q.=($email_pv_q? ", " : "").$field."='y'";
    }else{
     $email_pv_q.=($email_pv_q? ", " : "").$field."='".($post_s["ae_$field"]? "y" : "n")."'";
    }
   }
  }

  if(!$errmsg){
   //update admin
   if($post_a["username"] && $post_a["id"]){
    if(strlen($post_s['password'])){
     $salt = generate_random_code(32);
     $enc_password = md5($post_s["password"].$salt).":".$salt;
     $password_q=", password='$post_d[password]', enc_password='$enc_password'";
    }
    $sql="update $db->admin set name='$post_d[name]', username='$post_d[username]' $password_q , email='$post_d[email]', pv_db='$db_pv_point', pv_task='$task_pv_point'".($email_pv_q? ", $email_pv_q" : "")." where id='$post_d[id]'";
    if(!mysql_query($sql)){
     $errmsg.="Error updating admin info.<br />\n<br />\n$sql<br />\nError: ".mysql_error()."<br />\n";
    }else{
     $msg="Admin ID: $post_s[id] '$post_s[name]' has been successfully updated.<br />\n";
     if($aid == $post_s["id"] && strlen($post_s["password"])){
      encrypt_admin_login_sess_cookie($post_s["username"], $enc_password);
     }
    }
   }else{
    $errmsg="Please enter Username for admin ID: $post_s[id].<br />\n";
   }
  }
  //##### DELETE ADMIN #####
 }elseif($_POST["do_admin"]=="delete"){
  if($post_s["id"]){
   $sql="delete from $db->admin where id='$post_d[id]'";
   if(!mysql_query($sql)){
    $errmsg.="Admin ID: $post_s[id] cannot be deleted.<br />\n<br />\n$sql<br />\nError: ".mysql_error()."<br />\n";
   }else{
    $msg="Admin ID: $post_s[id] has been successfully deleted.<br />\n";
   }
  }    
 }
 
 $msg=($msg? format_msg($msg) : "");
 $errmsg=($errmsg? format_err($errmsg) : "");
}
//##### END POST ACTION #####

//filter non-master account from seeing master account
$this_admin=mysql_fetch_assoc(mysql_query("select * from $db->admin where id='$aid'"));
if($this_admin['master']=='y'){
 $sql = "select * from $db->admin";
}else{
 $sql = "select * from $db->admin where master!='y'";
}
$r=mysql_query($sql);
for($i=0;$i<@mysql_num_rows($r);$i++){
 $admin=mysql_fetch_assoc($r);
 $checkbox_disabled=$admin["master"]=='y'? "disabled='disabled'" : "";
 $pv=get_admin_privilege($admin["id"]);
 $pv_db=$pv["db"];
 $pv_task=$pv["task"];

 //db privilege
 $pv_db_row="";
 for($j=0;$j<count($r_table_list);$j++){
  $view_checked=($pv_db[$r_table_list[$j]]["view"]? "checked" : "");
  $add_checked=($pv_db[$r_table_list[$j]]["add"]? "checked" : "");
  $edit_checked=($pv_db[$r_table_list[$j]]["edit"]? "checked" : "");
  $delete_checked=($pv_db[$r_table_list[$j]]["delete"]? "checked" : "");
  $table_name=($tr_table[$r_table_list[$j]]["name"]? $tr_table[$r_table_list[$j]]["name"]: $r_table_list[$j]);
  $pv_db_row.="
  <tr class=ams_body><td>$table_name</td><td><input type=checkbox name=dt_$r_table_list[$j]+view $view_checked $checkbox_disabled></td><td><input type=checkbox name=dt_$r_table_list[$j]+add $add_checked $checkbox_disabled></td><td><input type=checkbox name=dt_$r_table_list[$j]+edit $edit_checked $checkbox_disabled></td><td><input type=checkbox name=dt_$r_table_list[$j]+delete $delete_checked $checkbox_disabled></td></tr>";
 }
 $pv_db_d="
 <table width='100%'>
  <tr class='ams_header'>
   <td>Table</td>  
   <td>View</td>
   <td>Add</td>  
   <td>Edit</td>
   <td>Delete</td>
  </tr>
  $pv_db_row
 </table>";
 //end db privilege

 //task privilege
 $task_pv_row="";
 $task_pv_all=task_pv();
 for($j=0;$j<count($task_pv_all);$j++){
  $checked="";
  if($pv_task[$task_pv_all[$j][0]]){
   $checked="checked";
  }
  $r_task_pv_row[$task_pv_all[$j][2]]="
  <tr>
   <td><input type='checkbox' name='apved_$j' $checked $checkbox_disabled id='apved_$i$j' /> <label for='apved_$i$j'>".$task_pv_all[$j][0]."</label></td>
  </tr>";
 }
 for($j=0,$t=count($r_task_pv_row);$j<$t;$j++){
  if(isset($r_task_pv_row[$j])){
   $task_pv_row.=$r_task_pv_row[$j];
  }
 }
 $pv_task_d="
 <table width='100%'>
  <tr class='ams_header'>
   <td>Administrative Task Privileges:</td>
  </tr>
  $task_pv_row
 </table>";
 //end task privilege

 //email privilege
 $email_pv_row="";
 foreach($admin as $field => $value){
  if(preg_match('/^re_/', $field)){
   $repv_fields.=($repv_fields? "," : "").$field;
   if($field=='re_contact'){
    $pv_email_name="Receive emails from Contact Us";
    $extra_display="<br />\nWhether or not this admin user can receive emails from the Contact Us form.";
   }elseif($field=='re_system'){
    $pv_email_name="Receive emails from System";
    $extra_display="<br />\nWhether or not this admin user can receive emails from the system regarding issues including $vars[ewallet] Automatic Withdrawal and manual withdraw notification.";
   }elseif($field=='re_error'){
    $pv_email_name="Receive emails when there is an error";
    $extra_display="<br />\nWhether or not this admin user can receive emails from the system when there is an error.";
   }else{
    $pv_email_name=preg_replace('/^re_/', '', $field);
    $extra_display="";
   }
   $email_pv_row.="
   <tr>
    <td><input type='checkbox' name='ae_$field' ".($value=='y'? "checked='checked'" : "")." $checkbox_disabled id='ael_$field"."_"."$admin[id]' /><label for='ael_$field"."_"."$admin[id]'>$pv_email_name</label>$extra_display</td>
   </tr>";
  }
 }
 $repv_inputfield="<input type='hidden' name='aae_repv' value=\"$repv_fields\" />";
 $pv_email_d=
 "<table width='100%'>
  <tr class='ams_header'>
   <td>Email Privileges: $repv_inputfield</td>
  </tr>
  $email_pv_row
 </table>";
 //end email privilege

 $admin_privilege="$pv_task_d<br />\n<br />\n$pv_email_d<br />\n<br />\n$pv_db_d";

 $admin_detail="    
 <table width='240'>
  <tr><td>ID:</td><td>$admin[id]".($admin['master']=='y'? " (MASTER)" : "")."</td></tr>
  <tr><td>Name:</td><td><input type='text' class='inputbox' name='name' value=\"$admin[name]\" /></td></tr>
  <tr><td>Login:</td><td><input type='text' class='inputbox' name='username' value=\"$admin[username]\" /></td></tr>
  <tr><td width='120'>Login Password:</td><td><input type='text' class='inputbox' name='password' />".__("Only provide a password if you wish to reset this account password.")."</td></tr>
  <tr><td>Email:</td><td><input type='text' class='inputbox' name='email' value=\"".$admin["email"]."\" /></td></tr>
 </table>";

 $delete_button=($admin["master"]!='y'? "
 <form name='delete' method='post' action='$vars[this_file]' onsubmit=\"return confirm('Delete this admin with ID: $admin[id]. Are you sure?\\n\\nClick OK to confirm to delete');\">
 <input type='hidden' name='do_admin' value='delete' />
 <input type='hidden' name='id' value='$admin[id]' />
 <input type='submit' value='Delete' />
 </form>" : "");
 $admin_row.="
 <form name='edit' method='post' action='$this_file'>
 <input type='hidden' name='do_admin' value='update' />
 <input type='hidden' name='id' value='$admin[id]' />
 <tr class='ams_body'>
  <td>$admin_detail</td>
  <td>$admin_privilege</td>
 </tr>
 <tr><td colspan='2' align='center'><input type='submit' value='Update' /></form> $delete_button</td></tr>";
}//finish each admin

$admin_list="
<table class='ams_table'>
 <tr class='ams_header'>
  <td width='250'>Admin Details</td>
  <td>Admin Privileges</td>
 </tr>
 $admin_row
</table>";

$add_button="<input type='button' value=\"Add Admin\" onclick=\"window.location='admin_add.php';\">";

$content="
<h3>Manage Admin</h3>
$errmsg $msg
$add_button
$admin_list";

print format_admin_page($content, $this_title);
?>